From db61149b704f68e71ec4dc67002f3259aee6353f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 30 Dec 2024 02:36:02 +0100 Subject: [PATCH] feat: central nixpkgs and nix --- SwarselSystems.org | 154 ++++++++++++++++++--------- hosts/nixos/chaostheatre/default.nix | 3 +- hosts/nixos/nbl-imba-2/default.nix | 9 +- hosts/nixos/sync/default.nix | 1 + hosts/nixos/toto/default.nix | 10 +- hosts/nixos/winters/default.nix | 11 +- lib/default.nix | 2 +- modules/nixos/setup.nix | 1 + profiles/common/home/settings.nix | 40 +++++-- profiles/common/home/starship.nix | 23 +++- profiles/common/nixos/settings.nix | 22 +++- programs/emacs/init.el | 9 +- 12 files changed, 187 insertions(+), 98 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 8fbb51ab..f18fba15 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -817,7 +817,7 @@ My work machine. Built for more security, this is the gold standard of my config :CUSTOM_ID: h:567c0055-f5f7-4e53-8f13-d767d7166e9d :END: #+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix - { self, inputs, outputs, config, pkgs, lib, ... }: + { self, inputs, outputs, pkgs, lib, ... }: let profilesPath = "${self}/profiles"; sharedOptions = { @@ -850,12 +850,6 @@ My work machine. Built for more security, this is the gold standard of my config ] ++ (builtins.attrValues outputs.nixosModules); - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; networking.networkmanager.wifi.scanRandMacAddress = false; @@ -902,6 +896,7 @@ My work machine. Built for more security, this is the gold standard of my config isImpermanence = false; isSecureBoot = true; isCrypted = true; + isLinux = true; } sharedOptions; 
@@ -1184,7 +1179,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix :tangle hosts/nixos/winters/default.nix - { self, inputs, outputs, config, ... }: + { self, inputs, outputs, ... }: let profilesPath = "${self}/profiles"; in @@ -1207,14 +1202,6 @@ This is my main server that I run at home. It handles most tasks that require bi ] ++ (builtins.attrValues outputs.nixosModules); - - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; - boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; @@ -1234,6 +1221,7 @@ This is my main server that I run at home. It handles most tasks that require bi hasFingerprint = false; isImpermanence = false; isBtrfs = false; + isLinux = true; flakePath = "/home/swarsel/.dotfiles"; server = { enable = true; @@ -1508,6 +1496,7 @@ This machine mainly acts as an external sync helper. It manages the following th hasBluetooth = false; hasFingerprint = false; isImpermanence = false; + isLinux = true; isBtrfs = false; flakePath = "/root/.dotfiles"; server = { @@ -1536,7 +1525,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :END: #+begin_src nix :tangle hosts/nixos/toto/default.nix - { self, inputs, outputs, config, pkgs, lib, ... }: + { self, inputs, outputs, pkgs, lib, ... }: let profilesPath = "${self}/profiles"; sharedOptions = { @@ -1577,13 +1566,6 @@ This is a slim setup for developing base configuration. I do not track the hardw ] ++ (builtins.attrValues outputs.nixosModules); - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; - environment.systemPackages = with pkgs; [ curl git 
@@ -1616,6 +1598,7 @@ This is a slim setup for developing base configuration. I do not track the hardw isCrypted = true; isSecureBoot = false; isSwap = true; + isLinux = true; swapSize = "8G"; # rootDisk = "/dev/nvme0n1"; rootDisk = "/dev/vda"; @@ -1971,7 +1954,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+begin_src nix :tangle hosts/nixos/chaostheatre/default.nix - { self, inputs, outputs, config, pkgs, lib, ... }: + { self, inputs, outputs, pkgs, lib, ... }: let profilesPath = "${self}/profiles"; in @@ -2019,6 +2002,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru wallpaper = self + /wallpaper/lenovowp.png; initialSetup = true; isPublic = true; + isLinux = true; }; home-manager.users.swarsel.swarselsystems = { @@ -3738,6 +3722,7 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne options.swarselsystems.isCrypted = lib.mkEnableOption "uses full disk encryption"; options.swarselsystems.isPublic = lib.mkEnableOption "is a public machine (no secrets)"; options.swarselsystems.initialSetup = lib.mkEnableOption "initial setup (no sops keys available)"; + options.swarselsystems.isLinux = lib.mkEnableOption "whether this is a linux machine"; options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem"; options.swarselsystems.isImpermanence = lib.mkEnableOption "use impermanence on this system"; @@ -4347,7 +4332,7 @@ A breakdown of each function: in systemFunc { inherit pkgs; - extraSpecialArgs = { inherit inputs outputs; }; + extraSpecialArgs = { inherit inputs outputs lib self; }; modules = [ "${self}/hosts/${type}/${host}" ]; }; }; 
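Review bot: `options.swarselsystems.isLinux` is declared with `lib.mkEnableOption`, so it defaults to `false` and every host must remember to set it. A host that omits it silently loses `use-cgroups` in the central nix settings instead of failing evaluation. Deriving the default from the platform would remove the per-host line, e.g. `options.swarselsystems.isLinux = lib.mkOption { type = lib.types.bool; default = pkgs.stdenv.hostPlatform.isLinux; };`, assuming `pkgs` is available to this module, which the hunk does not show. The home-manager settings block also reads `config.swarselsystems.isLinux`, but in the chaostheatre hunk the value is added to the block that precedes `home-manager.users.swarsel.swarselsystems`, so please confirm the home-manager side receives it. The same option line is tangled into modules/nixos/setup.nix.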
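Review bot: Adding `lib` to `extraSpecialArgs` replaces the `lib` argument that every home-manager module receives, and the hunk does not show which `lib` is in scope at this point. If it is plain nixpkgs `lib`, or an extension without home-manager's `hm` attribute set, modules that use `lib.hm.*` will fail to evaluate. Please confirm, and record the requirement next to the line, e.g. `# lib must already carry home-manager's lib.hm extensions`. The surrounding function starts and ends outside the hunk, and the same change is tangled into lib/default.nix.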
@@ -4476,13 +4461,43 @@ This section is for setting things that should be used on hosts that are using t :END: -Also, we disable the warnings that trigger when rebuilding with a dirty flake. At this point, I am also disabling channels and pinning the flake registry - the latter lets me use the local version of nixpkgs for commands like =nix shell= (without it, we will always download the newest version of nixpkgs for these commands). +We disable the warnings that trigger when rebuilding with a dirty flake. At this point, I am also disabling channels and pinning the flake registry - the latter lets me use the local version of nixpkgs for commands like =nix shell= (without it, we will always download the newest version of nixpkgs for these commands). Also, the system state version is set here. No need to touch it. +A breakdown of the flags being set: + - =nixpgks.config.allowUnfree=: allows packages with an unfree license to be built + - nix.settings: + - experimental-features: + - nix-command: Enables the =nix= command from nix 2.4 + - flakes: Enables flakes to be used + - ca-derivations: Enables content-addressed derivations, which stops unnecessary rebuiluds - to be used with my TODO private hydra and the binary cache =cache.ngi0.nixos.org= in [[#h:aee5ec75-7ca6-40d8-b6ac-a3e7e33a474b][flake.nix template]] + - cgroups: allows the use of cgroups in builds + - pipe-operators: Enables 'piping' instead of the classic currying syntax - =fun arg= can be expressed as =arg |> fun=. Associatively, it is weaker than functions: =a |> b |> d c |> e = e ((d c) (b a))= + - trusted-users: these users have elevated privileges in nix (mostly used to acknowledge binary caches) - root is added per default here + - connect-timeout: normally, nix tries to reach the cache for 300 seconds for each derivation per cache. 
This setting lets me change that + - bash-prompt-prefix: adds a prefix to shells spawned by =nix develop= + - [min,max]-free: amounts of space where intermittent GC will be run during builds + - flake registry: URI of the global flake registry (I disable it) + - auto-optimise-store: create hardlinks in the nix store to save space + - warn-dirty: I do not need to see the warning when I have uncommited changes + - max-jobs: How many build jobs should be run in parallel. =auto= sets this to the number of CPUs (which is all) - on systems with many cores this can lead to OOM situations. The default is now =1=, but used to be =auto=, I set this manually just to be safe in the future. + - use-cgroups: Actually run builds within cgroups + - nix.channel.enable: whether to use channels + - nix.registry: Sets the registry for this flake, which I set to its inputs. This allows me to use e.g. =nixpkgs= directly in =nix repl= + - nix.nixPath: Basically the same as =nix.registry=, but for the legacy nix commands + #+begin_src nix :tangle profiles/common/nixos/settings.nix - { lib, inputs, ... }: + { lib, config, outputs, inputs, ... }: { + + nixpkgs = { + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; + }; + nix = let flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; 
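Review bot: The new flag breakdown omits two settings that this commit adds to `nix.settings`, `bash-prompt` and `fallback`, and it contains the typos `nixpgks` and `rebuiluds`. Suggested bullets: `- bash-prompt: the prompt shown inside shells spawned by =nix develop=` and `- fallback: build from source when a substituter cannot provide a path`. The `trusted-users` bullet would also be more accurate if it said that trusted users can override daemon settings such as the substituter list, which the Nix manual describes as essentially root-equivalent.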
@@ -4493,11 +4508,21 @@ Also, the system state version is set here. No need to touch it. "nix-command" "flakes" "ca-derivations" + "cgroups" "pipe-operators" ]; - trusted-users = [ "swarsel" ]; + trusted-users = [ "@wheel" "swarsel" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; flake-registry = ""; + auto-optimise-store = true; warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; }; channel.enable = false; registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; 
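Review bot: `trusted-users = [ "@wheel" "swarsel" ];` widens trusted status from one named account to every member of `wheel` on every host that imports this profile, which by the look of the host hunks includes the servers and the work laptop. A trusted user can hand the daemon arbitrary substituters and unsigned store paths, which the Nix manual describes as essentially equivalent to root access, so wheel membership alone becomes sufficient for root-level changes without a sudo prompt. Unless a concrete workflow needs the group, keep the list to named accounts, `trusted-users = [ "swarsel" ];`, or add the group only on hosts that need it. The enclosing `nix.settings` block starts outside the hunk. The same line is tangled into profiles/common/nixos/settings.nix and is repeated in the home-manager settings block.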
@@ -8253,19 +8278,36 @@ This section sets up all the imports that are used in the home-manager section. Again, we adapt =nix= to our needs, enable the home-manager command for non-NixOS machines (NixOS machines are using it as a module) and setting user information that I always keep the same. #+begin_src nix :tangle profiles/common/home/settings.nix - { lib, config, pkgs, ... }: + { lib, inputs, config, ... }: { - nix = { - package = lib.mkDefault pkgs.nix; - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "pipe-operators" - ]; + nix = + let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; + in + lib.mkIf (!config.swarselsystems.isNixos) { + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "swarsel" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + flake-registry = ""; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + }; + registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; }; - }; programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; @@ -8278,6 +8320,7 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO FLAKE = "${config.home.homeDirectory}/.dotfiles"; }; }; + } #+end_src @@ -9021,7 +9064,7 @@ Starship makes my =zsh= look cooler! I have symbols for most programming languag enableZshIntegration = true; settings = { add_newline = false; - format = "$character"; + format = "$shlvl$character"; right_format = "$all"; command_timeout = 3000; 
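Review bot: The rewritten home-manager `nix` block drops `package = lib.mkDefault pkgs.nix;` while still defining `nix.settings`. As far as I recall, home-manager asserts that `nix.package` is set whenever it generates a nix.conf, so standalone (non-NixOS) hosts may fail to evaluate unless the package is set elsewhere. Several of the copied settings are also daemon-side (`trusted-users`, `auto-optimise-store`, `min-free`, `max-free`, `use-cgroups`). In a per-user nix.conf on a multi-user install these are ignored or refused for untrusted users, so listing `trusted-users` here suggests a privilege this file cannot grant. Consider restoring the package line and trimming the block to client-side settings; the same block is tangled into profiles/common/home/settings.nix.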
@@ -9034,7 +9077,7 @@ Starship makes my =zsh= look cooler! I have symbols for most programming languag git_status = { style = "bg:#394260"; - format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; + format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) "; }; character = { @@ -9042,7 +9085,23 @@ Starship makes my =zsh= look cooler! I have symbols for most programming languag error_symbol = "[λ](bold red)"; }; - aws.symbol = " "; + shlvl = { + disabled = false; + symbol = "↳"; + format = "[$symbol]($style) "; + repeat = true; + repeat_offset = 1; + style = "blue"; + }; + + nix_shell = { + disabled = false; + heuristic = true; + format = "[$symbol$name]($style)"; + symbol = " "; + }; + + aws.symbol = " "; buf.symbol = " "; c.symbol = " "; conda.symbol = " "; @@ -9065,7 +9124,6 @@ Starship makes my =zsh= look cooler! I have symbols for most programming languag memory_usage.symbol = "󰍛 "; meson.symbol = "󰔷 "; nim.symbol = "󰆥 "; - nix_shell.symbol = " "; nodejs.symbol = " "; os.symbols = { @@ -13405,8 +13463,9 @@ projectile is useful for keeping track of your git projects within Emacs. I most ("C-c p" . projectile-command-map) ; all projectile commands under this :init ;; NOTE: Set this to the folder where you keep your Git repos! - (when (file-directory-p swarsel-projects-directory) - (setq projectile-project-search-path (list swarsel-work-projects-directory swarsel-private-projects-directory))) + (when (file-directory-p swarsel-work-projects-directory) + (when (file-directory-p swarsel-private-projects-directory) + (setq projectile-project-search-path (list swarsel-work-projects-directory swarsel-private-projects-directory)))) (setq projectile-switch-project-action #'magit-status)) #+end_src @@ -13469,9 +13528,6 @@ NOTE: Make sure to configure a GitHub token before using this package! (use-package forge :after magit) - (with-eval-after-load 'forge - (add-to-list 'forge-alist - )) #+end_src *** git-timemachine 
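Review bot: The two nested `when` forms in the projectile `:init` block can be a single guard, `(when (and (file-directory-p swarsel-work-projects-directory) (file-directory-p swarsel-private-projects-directory))`, which states the condition directly. With either form, `projectile-project-search-path` stays unset when only one of the two directories exists. If that is not intended, build the list from whichever directories are present. The `use-package` form starts outside the hunk, and the same change is tangled into programs/emacs/init.el.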
diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/chaostheatre/default.nix index 4d1ccc5a..d4cef255 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/chaostheatre/default.nix @@ -1,4 +1,4 @@ -{ self, inputs, outputs, config, pkgs, lib, ... }: +{ self, inputs, outputs, pkgs, lib, ... }: let profilesPath = "${self}/profiles"; in @@ -46,6 +46,7 @@ in wallpaper = self + /wallpaper/lenovowp.png; initialSetup = true; isPublic = true; + isLinux = true; }; home-manager.users.swarsel.swarselsystems = { diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index 7c8039c0..c52d1b2f 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -1,4 +1,4 @@ -{ self, inputs, outputs, config, pkgs, lib, ... }: +{ self, inputs, outputs, pkgs, lib, ... }: let profilesPath = "${self}/profiles"; sharedOptions = { @@ -31,12 +31,6 @@ in ] ++ (builtins.attrValues outputs.nixosModules); - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; networking.networkmanager.wifi.scanRandMacAddress = false; @@ -83,6 +77,7 @@ in isImpermanence = false; isSecureBoot = true; isCrypted = true; + isLinux = true; } sharedOptions; diff --git a/hosts/nixos/sync/default.nix b/hosts/nixos/sync/default.nix index b2595aa9..6928d1c9 100644 --- a/hosts/nixos/sync/default.nix +++ b/hosts/nixos/sync/default.nix @@ -80,6 +80,7 @@ in hasBluetooth = false; hasFingerprint = false; isImpermanence = false; + isLinux = true; isBtrfs = false; flakePath = "/root/.dotfiles"; server = { diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index 82149161..2334aa66 100644 --- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix @@ -1,4 +1,4 @@ -{ self, inputs, outputs, config, pkgs, lib, ... }: +{ self, inputs, outputs, pkgs, lib, ... }: let profilesPath = "${self}/profiles"; sharedOptions = { 
@@ -39,13 +39,6 @@ in ] ++ (builtins.attrValues outputs.nixosModules); - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; - environment.systemPackages = with pkgs; [ curl git @@ -78,6 +71,7 @@ in isCrypted = true; isSecureBoot = false; isSwap = true; + isLinux = true; swapSize = "8G"; # rootDisk = "/dev/nvme0n1"; rootDisk = "/dev/vda"; diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index f215180d..0759ee1f 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -1,4 +1,4 @@ -{ self, inputs, outputs, config, ... }: +{ self, inputs, outputs, ... }: let profilesPath = "${self}/profiles"; in @@ -21,14 +21,6 @@ in ] ++ (builtins.attrValues outputs.nixosModules); - - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; - boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; @@ -48,6 +40,7 @@ in hasFingerprint = false; isImpermanence = false; isBtrfs = false; + isLinux = true; flakePath = "/home/swarsel/.dotfiles"; server = { enable = true; diff --git a/lib/default.nix b/lib/default.nix index d7392d40..13524211 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -42,7 +42,7 @@ in systemFunc { inherit pkgs; - extraSpecialArgs = { inherit inputs outputs; }; + extraSpecialArgs = { inherit inputs outputs lib self; }; modules = [ "${self}/hosts/${type}/${host}" ]; }; }; diff --git a/modules/nixos/setup.nix b/modules/nixos/setup.nix index 1810cae0..cfc7152f 100644 --- a/modules/nixos/setup.nix +++ b/modules/nixos/setup.nix 
@@ -27,6 +27,7 @@ options.swarselsystems.isCrypted = lib.mkEnableOption "uses full disk encryption"; options.swarselsystems.isPublic = lib.mkEnableOption "is a public machine (no secrets)"; options.swarselsystems.initialSetup = lib.mkEnableOption "initial setup (no sops keys available)"; + options.swarselsystems.isLinux = lib.mkEnableOption "whether this is a linux machine"; options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem"; options.swarselsystems.isImpermanence = lib.mkEnableOption "use impermanence on this system"; diff --git a/profiles/common/home/settings.nix b/profiles/common/home/settings.nix index 0a792189..0abfbd41 100644 --- a/profiles/common/home/settings.nix +++ b/profiles/common/home/settings.nix @@ -1,16 +1,33 @@ -{ lib, config, pkgs, ... }: +{ lib, inputs, config, ... }: { - nix = { - package = lib.mkDefault pkgs.nix; - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "pipe-operators" - ]; + nix = + let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; + in + lib.mkIf (!config.swarselsystems.isNixos) { + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "swarsel" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + flake-registry = ""; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + }; + registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; }; - }; programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; @@ -23,4 +40,5 @@ FLAKE = "${config.home.homeDirectory}/.dotfiles"; }; }; + } 
diff --git a/profiles/common/home/starship.nix b/profiles/common/home/starship.nix index 59c72b13..5a7767d2 100644 --- a/profiles/common/home/starship.nix +++ b/profiles/common/home/starship.nix @@ -5,7 +5,7 @@ _: enableZshIntegration = true; settings = { add_newline = false; - format = "$character"; + format = "$shlvl$character"; right_format = "$all"; command_timeout = 3000; @@ -18,7 +18,7 @@ _: git_status = { style = "bg:#394260"; - format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; + format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) "; }; character = { @@ -26,7 +26,23 @@ _: error_symbol = "[λ](bold red)"; }; - aws.symbol = " "; + shlvl = { + disabled = false; + symbol = "↳"; + format = "[$symbol]($style) "; + repeat = true; + repeat_offset = 1; + style = "blue"; + }; + + nix_shell = { + disabled = false; + heuristic = true; + format = "[$symbol$name]($style)"; + symbol = " "; + }; + + aws.symbol = " "; buf.symbol = " "; c.symbol = " "; conda.symbol = " "; @@ -49,7 +65,6 @@ _: memory_usage.symbol = "󰍛 "; meson.symbol = "󰔷 "; nim.symbol = "󰆥 "; - nix_shell.symbol = " "; nodejs.symbol = " "; os.symbols = { diff --git a/profiles/common/nixos/settings.nix b/profiles/common/nixos/settings.nix index 31ca0931..8f700593 100644 --- a/profiles/common/nixos/settings.nix +++ b/profiles/common/nixos/settings.nix @@ -1,5 +1,13 @@ -{ lib, inputs, ... }: +{ lib, config, outputs, inputs, ... }: { + + nixpkgs = { + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; + }; + nix = let flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; 
@@ -10,11 +18,21 @@ "nix-command" "flakes" "ca-derivations" + "cgroups" "pipe-operators" ]; - trusted-users = [ "swarsel" ]; + trusted-users = [ "@wheel" "swarsel" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; flake-registry = ""; + auto-optimise-store = true; warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; }; channel.enable = false; registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; diff --git a/programs/emacs/init.el b/programs/emacs/init.el index ad36b4c6..c32e0332 100644 --- a/programs/emacs/init.el +++ b/programs/emacs/init.el @@ -1189,8 +1189,9 @@ create a new one." ("C-c p" . projectile-command-map) ; all projectile commands under this :init ;; NOTE: Set this to the folder where you keep your Git repos! - (when (file-directory-p swarsel-projects-directory) - (setq projectile-project-search-path (list swarsel-work-projects-directory swarsel-private-projects-directory))) + (when (file-directory-p swarsel-work-projects-directory) + (when (file-directory-p swarsel-private-projects-directory) + (setq projectile-project-search-path (list swarsel-work-projects-directory swarsel-private-projects-directory)))) (setq projectile-switch-project-action #'magit-status)) (use-package magit @@ -1211,10 +1212,6 @@ create a new one." (use-package forge :after magit) -(with-eval-after-load 'forge - (add-to-list 'forge-alist - )) - (use-package git-timemachine :hook (git-time-machine-mode . evil-normalize-keymaps) :init (setq git-timemachine-show-minibuffer-details t))
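Review bot: In `bash-prompt`, the sequences `\[`, `\e` and `\]` sit inside a Nix double-quoted string, where a backslash before a character without a defined escape just yields that character. As written, the value reaching nix.conf is `[e[1m]λ[e[0m]` rather than the bold escape codes. The neighbouring `bash-prompt-prefix` already doubles its backslash (`\\w`); doing the same here, `\\[\\e[1m\\]λ\\[\\e[0m\\]`, keeps the escapes intact. Both `printf \"\"` arguments are empty on this page, so the exit-status branch prints nothing either way; please check whether glyphs were lost. The identical string is in the SwarselSystems.org source block and in profiles/common/home/settings.nix, and since this file is tangled the fix belongs in the org block.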